- Email: [email protected]
Mobile phone calls as a business risk
Feature
Mobile phone calls as a business risk Simon Bransfield-Garth, Cellcrypt
Simon BransfieldGarth
Mobile phone technology is under attack, leaving users and businesses vulnerable. Much has been written on the data risk to businesses from mobile phones but it’s only recently that the risk of voice call interception has hit the headlines. Now businesses have to face up to the challenge of securing corporate information without unduly restricting the use of this essential business tool. Mobile phone use has grown rapidly since the first mobile call in 1973 to become the most universal technology in the world, with more than four billion people (well over half the global population) connected.
High-profile casualties Many people will remember the days of analogue mobile phones and stories of private investigators driving around with radio scanners, seeking out conversations. There was a number of high profile casualties who hit the headlines at the time, including – allegedly – members of the UK Royal Family.1 This problem largely disappeared in 1988 with the introduction of 2G, or GSM, mobile networks. The digital nature of the communications allowed encryption of the mobile air communications, making scanners useless. And so the problem disappeared from the radar for a while. In 1988, mobile phones typically used (by today’s standards) primitive processors and only a few kilobytes of memory. This had an impact on the design of mobile networks and was a factor in the choice of encryption used. The algorithms had to be consistent with the limited computational power available in the early devices. By 2010, the memory in a typical mobile phone has grown well over 10,000 times and the processing power has massively increased to the point where today’s smartphones would outpace high-end computers of just a few years ago. However, the encryption 4
Network Security
algorithms used in GSM networks were set down in formal standards, and so the ones used today are very similar to those specified in 1988. Although 3G networks often use a stronger cipher, known as A5/3, 2G networks (or 3G networks that switch automatically to 2G in poor coverage areas) routinely use the much weaker A5/1 algorithm that was originally specified. And in some countries, encryption is turned off altogether.
“Recent information coming from the hacker community and the ability of the Internet to distribute ways of attacking phones globally has massively reduced the barrier to intercepting mobile phone calls” The massive growth in everyday computing capability in the past 25 years means that networks are open to a degree of brute force attack that was never envisaged by the founding fathers. This, coupled with recent information coming from the hacker community and the ability of the Internet to distribute ways of attacking phones globally, has massively reduced the barrier to intercepting mobile phone calls. This change was demonstrated dramatically in February 2010 when, at a conference in Washington, a hacker published what he claimed to be a viable mobile phone hack using open source software and $1,400 of equipment.2 It is tempting to think that one solution is to simply upgrade the standard of encryption in mobile networks, and at
an individual device level this would be correct. But the sheer scale of the undertaking – with more than four billion users and billions of dollars of infrastructure worldwide – makes this, at best, a longterm project. And even then, it would only address the problem of interception in the airwaves and not in the mobile carrier itself or the connections between them. So, the problem of mobile phone interception is real, growing and unlikely to be eliminated in the foreseeable future.
The evidence For an organisation, knowing whether mobile phone calls have been intercepted at all is difficult. There is rarely a test that can be done, other than looking at the consequences of a lost deal or finding secret information in the public domain. However, there is an increasing number of publicised instances of interception activities being discovered worldwide. The problem shows a wide geographical variation, both in the number of instances and in the public perception of risk. In the US and mainland Europe, the perception of risk is relatively low. However, travel to Latin America or some parts of Asia and the perception of the issue has reached the consumer with advertisements on mainstream television for protection equipment. Nevertheless, few executives travelling around the world have taken special measures to secure their mobile phone conversations. The 2005 annual report to the US Congress on Foreign Economic Collection and Industrial Espionage stated that 108 countries were involved in collection efforts against sensitive and protected US technologies.3 In the US state of Massachusetts on 1 March
September 2010
Feature 2010, a law came into force mandating that any business conducting business with Massachusetts citizens must encrypt the citizens’ personal data whenever this is stored on portable devices or transmitted wirelessly.4
Widespread instances More widely, there are numerous instances of phone interception, both over the air and in the network. In 2010, Romanian law enforcement authorities arrested 50 people for allegedly using off-the-shelf software to monitor other people’s cellphone communications.5 A technician who worked in a Lebanese mobile phone operator was arrested for being an Israeli spy and having provided access to phone calls for 14 years.6 The Indian Parliament was disrupted by politicians protesting at alleged government-sponsored cellphone wiretapping.7 A Mexican spy centre was discovered, including a specially equipped mobile van unit, alleged to be used for intercepting politicians, businessmen and journalists.8 And the ex-mistress of the excaptain of the England football team sued for alleged mobile phone interception.9
“Eavesdropping went on for months during the Athens Olympics and was only discovered accidentally, during an unrelated investigation into the performance of the mobile network” In 2009, hackers released a codebook of pre-computed keys that enables decryption of GSM calls, and demonstrated a GSM interception kit built for less than $1,500.10 In 2008, Anthony Pellicano – dubbed the ‘PI to the stars’ – was jailed for 15 years for wiretapping activities that he performed on demand against a large number of celebrities and C-level executives.11 The FBI found recordings of conversations that stretched back almost ten years. Also in 2008, it was found that journalists at the British tabloid newspaper, News of the World, routinely hired private investigators to break into voice mailboxes of various celebrities, businessmen
September 2010
Figure 1: Mobile networks under attack from a variety of directions.
and dignitaries – a controversy that has recently resurfaced. Not all espionage is concerned with blackmail, corporate secrets or matters of national security – in this case it was simply about having exclusive news information. In 2004 to 2005, Greek government communications were the target of sophisticated tapping operations that compromised the mobile phone calls of the Prime Minister, the Minister of Defence, the Minister of Justice and the Head of the Greek Intelligence Service.12 Eavesdropping went on for months during the Athens Olympics and was only discovered accidentally, during an unrelated investigation into the performance of the mobile network. Calls were not intercepted over the air. Instead, the attackers wiretapped government officials using the lawful interception capabilities built into the network.
of significant data loss in Tier-1 US corporations was $1.3m per incident.14 Perhaps more surprisingly, 61% of companies believed that such losses occurred at least monthly. Mobile phones were cited alongside malware and viruses as key means of obtaining this sort of information. The business risk falls into broad categories: • Economic loss from the interception of critical business information such as business deals, commercial negotiation status and future plans. • Economic and reputational loss from the interception of critical trade secrets and intellectual property, such as algorithms, formulae and processes. • The threat to the welfare of individuals when travelling in dangerous environments (for instance, targeted kidnappings in Africa and Latin America).
Quantifying the business risk
“Common scenarios, such as conference calls attended by executives dialling in on their cellphone, may pose a serious threat to highly sensitive personal or corporate information”
In 2009, market research firm ABI published figures stating that in 79% of companies mobile phones were routinely used to discuss information that, if intercepted, would lead to material loss to the business, yet less than one in five had in place adequate measures to address this risk.13 In 2010, the US-based Ponemon Institute published an authoritative research paper regarding phone interception in which it found that the average cost
The cost to the business is not just the direct cost of the loss itself. More significant is the indirect cost in terms of reputation, potential litigation, privacy infringement and loss of confidence in the organisation. Company directors and
Network Security
5
Feature officers are particularly at risk if they inadvertently reveal information that has an impact on the company’s share price or valuation. “Cellular communications are ubiquitous in business and will only become more prevalent as worker mobility grows, yet the risk to information security is often overlooked,” says Larry Ponemon, chairman and founder, Ponemon Institute. “Common scenarios, such as conference calls attended by executives dialling in on their cellphone, may pose a serious threat to highly sensitive personal or corporate information if proper precautions are not taken to ensure business information integrity.” Even relatively innocuous-seeming business information may in fact be highly sensitive. For instance, the weekly global sales call with sales personnel calling in from all around the world is particularly vulnerable. It is clear that such meetings, which often occur at fixed intervals, such as the same time each week, provide a wealth of critical real-time business information to invaders, and would be a prime target for attackers.
Threat vectors To understand the problem in more detail, it is helpful to break down the attacks into their relevant categories: • Passive attack – listening in to the airwaves to intercept a call. Requires the ability to decrypt the mobile phone signal and is completely undetectable. Historically this required expensive equipment ($100,000+) and considerable expertise but is now possible for a fraction of this cost, thanks to information published on the Internet in 2010. • Active attack – a classic man-inthe-middle attack, seeking to overhear and pass on conversations. Has the ability to capture thousands of calls simultaneously and to turn off encryption, simplifying the data gathering. Is more detectable, although few networks today actively manage the threat. • In-network attack – favoured by government agencies, particularly in countries with less developed legal 6
Network Security
systems. The established mechanisms for legal interception of calls for law enforcement purposes can be re-used to provide commercial information. • In-device attack – a physical bug or software is loaded into the target phone. Requires physical access to the phone but is technically simple to execute. Passive attacks rely on the ability of the attacker to decrypt the captured information. Historically this has been difficult. However, in December 2009, the Chaos Computer Club published on the Internet a ‘code book’ that allows a particular type of approach known as a rainbow table attack.15 In this attack, the pre-computed code book reduces the search space needed to determine the encryption key used, trading off memory for computational requirement. The initial code books were over 3TB in size but have subsequently reduced to less than 1TB, which can routinely fit on to a consumer hard disk drive. A modest computer can, apparently, decrypt a mobile phone call in minutes (the time taken to decrypt the call varies depending on the depth of search that is needed to find the key). Active attacks rely on limitations of the early GSM networks. In 2G networks, the designers were concerned to ensure that a rogue phone could not attach to the network and so run up invalid call costs. However, the authentication the other way is much weaker. In essence, if a mobile base station has the same mobile network identifier code as the phone (a list of which is available in the public domain), the phone will connect to the base station with the strongest signal. An attacker can use open source mobile network software to create a fake base station, waits for the target cellphone to connect to it and then routes the call traffic back into the network, generally recording the calls at the same time. Such attacks only operate within the geographical vicinity of the base station but this can sometimes be an advantage for the attacker – for instance, if the attack was mounted from the parking area of a major corporation, one would expect the majority of intercepted calls to come from that corporation.
This is an example of an ‘aggregation risk’ where valuable information is concentrated into one place to make the value of an attack higher and therefore worth a greater level of effort by the attacker.
Hands-on attacks While the above are attacks performed at a distance, if the attacker has access to the phone itself then there is a variety of measures that can be taken, in much the same way as if a laptop were to be compromised. The protection measures are similar as well – the use of anti virus software; remote device management that restricts the applications that can be loaded onto the device; and the use of passwords to make it difficult for the intruder to get into the phone. Of course, none of this prevents the use of a hardware bug placed into the phone but that falls into the wider category of physical bugs that are not specific to mobile phones. It’s clear from the list above that all parts of the communication path are potentially vulnerable. The problem is more pronounced when operating in countries where the legal environment around information and telecoms is less well managed than in major democracies. For the business executive the options are stark: • Take the risk • Don’t use mobile phones in areas of risk • Deploy technology solutions to improve security when it is needed. Traditional answers to the problem have involved the first two items above. It is well documented that mobile phones are used for sensitive conversations and some companies have explicit company policies banning the use of mobiles, particularly outside of the home nation. However, while taking care goes some way to addressing the problem, companies are now looking to technology to address the issue.
Encrypting mobile phone calls Mobile phones have evolved from small, embedded devices to full-blown
September 2010
Feature
Figure 2: An end-to-end mobile voice encryption solution.
computers with a communications capability. This increase in power enables phones running applications to undertake tasks that were unthinkable just five years ago. Now, the security industry is using the mobile phone itself to add a highstrength encryption layer to voice communications to secure conversations from microphone to earpiece, irrespective of the network that conversation travels over. A typical modern mobile phone encryption solution is shown in Figure 2. It utilises IP technology to transmit voice data over the Internet and comprises client software applications on the two phones that communicate securely, along with a central server that helps the phones connect securely to each other as well as providing high-performance connectivity. The server does not decrypt the actual calls – this is performed only by client software on each phone, with the server streaming the encrypted calls over the network. In discussing a phone conversation between phones A and B (users ‘Alice’ and ‘Bob’) the four critical elements of a security system are: • Confidentiality – the communication must be confidential. No untrusted third party can listen to the communication between Alice and Bob. • Authentication – both parties need to be able to strongly authenticate each other. Alice must be sure she is speaking with Bob. • Integrity – what Alice is communicating must be what Bob is listening to. No third party must be able to alter the communication, without the
September 2010
change being detected by Bob. • Forward secrecy – past communications cannot be decrypted even if the private keys (or session keys) from one handset are leaked. These objectives are achieved using a series of closely choreographed communications between Alice and Bob’s phones and a range of industry-standard cryptographic algorithms. It is a characteristic of modern cryptography that algorithms themselves are not secret but the secrecy comes from the mathematical complexity of the encryption and the use of keys. In fact, most of the best algorithms are freely available in the public domain and so have had the greatest levels of cryptographic scrutiny. Even so, it is not unknown for algorithms used for many years to be discovered to have flaws, as occurred in early 2010 when Adi Shamir, one of the luminaries of cryptography, demonstrated flaws in the encryption used in 3G mobile networks that were inadvertently added when the algorithms were optimised for mobile use.
“Current day smartphones have plenty of computational power to be able to deliver encryption in real time” The cryptographic process flow follows two stages. The first phase is authentication, which uses an asymmetric cipher to guarantee that Alice and Bob are communicating with each other and nobody else. This typically uses Public Key Infrastructure (PKI) algorithms such as
2048-bit RSA, DSA and Elliptic Curve Diffie Hellman to achieve this. Such algorithms are effective but computationally expensive so the next stage is for each terminal to negotiate a unique, randomly generated, one-time key that will be used for a much more efficient symmetric encryption algorithm (one that can be decrypted using the same key as that for encryption). The de facto industry standard is the very strong 256-bit AES algorithm that is routinely found in products suitable for the most sensitive government and military applications. Current day smartphones have plenty of computational power to be able to deliver such encryption in real time. Symmetric keys are always discarded following the call to ensure that even if the call were to be recorded, and somehow the master keys extracted from the phone, it would not be possible to recreate the symmetric keys and so decrypt the calls. This is what is known as forward secrecy.
The additional challenges of mobile Mobile phones were originally designed to carry relatively low bandwidth voice traffic. Early mobile networks added Circuit Switched Data (CSD) to allow faxes and other data to be sent over phone lines and some companies used this technology to offer encrypted voice solutions (in fact, many military offerings still use this). However, CSD suffers from low bandwidth, long latencies and poor reliability with international communications, forcing most providers to look for alternative ways to deliver encrypted voice. With the addition of Internet Protocol (IP) data connectivity to 2G mobile networks at the turn of the century, the stage was set to allow companies to provide encrypted voice as Voice over IP (VoIP) on top of mobile phone networks. This has the advantage of high quality, low latency and universal provision worldwide. The reality is more complex. While mobile networks offer IP data, they do not generally offer Quality of Service
Network Security
7
Feature (QoS) and suffer both delays and limited bandwidth. In addition, the networks routinely close the data connection on a repeated basis, requiring the mobile phone to continuously ‘ping’ the network, using valuable battery power. Industry algorithms such as Session Initiation Protocol (SIP), Real-time Transport Protocol (RTP) and Secure RTP (SRTP), which are common in computer networks, are not suitable for mobile devices except in the rare cases where a high bandwidth network is available. While network speeds are ever increasing with 3G, 3.5G and now 4G technologies, it is worth noting that the rollout of these new technologies is often slow, and in 2012 it is predicted that 85% of the world’s population will still only have access to low-speed 2G networks. So the idea that mobile network speeds will increase to make the data use a non-issue is false. A number of vendors have addressed this with the emergence of optimised communication protocols that strip out the unnecessary elements of the communication path in order to make a solution that works reliably on mobile phones. This is essential, not only for working in countries with less developed infrastructure but also in well-developed economies away from major cities or in areas where the 3G signal is blocked – for instance, indoors.
BlackBerry, iPhone, Symbian and Android The rise of mass-market smartphones, with their computing power and the ability to run after-market applications, has made voice security more accessible to far more people in the enterprise and government. No longer do executives need to carry separate phones to make secure calls. Now the capability can easily be added to their existing corporate mobile phones. The selection of phone is largely a personal or business choice. Some manufacturers are particularly renowned for their security, such as BlackBerry, whereas other devices are variations on conventional consumer products. Today, many of these consumer-oriented products lack important security features such as 8
Network Security
Figure 3: Voice encryption to landlines, mobiles and other communication devices.
remote management, but the manufacturers are progressively adding these. Whichever one is selected, the principle is the same. The device encrypts the call, sends the encrypted data over the public network (we don’t care who listens in – the data is encrypted after all) and is decrypted at the receiving phone. There are no back doors, no points in the chain where the voice is in the clear and can be intercepted along the transmission path. This is essential and allows such devices to be used on completely untrusted networks, such as public wifi hotspots, in the knowledge that even if the encrypted stream is intercepted, it will not provide any useful information to the attacker. All of this relies on the quality of the encryption solution and the trustworthiness of the vendor. For instance, does the vendor have access to the keys (and so can listen into calls)? One way of gaining confidence in products is to look at their certifications. One of the most prevalent is the FIPS 140-2 certification from the US National Institute of Standards and Technology (NIST). Companies whose products have been validated to this standard are listed publicly on the NIST website.16 Similarly, a number of nation states operate certification programmes specifically aimed at the country in question, and the Common Criteria programme aims to offer a standard that is
portable across different countries. So that’s it? Just deploy this across the organisation and all will be well? Well, not quite. As with many solutions, there is more to it than that.
Mobile to ‘everywhere’ calling While mobile-to-mobile calling is the natural focus of interception solutions, the market requirement is, more generally, the ability to extend an existing ‘good enough’ telecom infrastructure to mobile phones. This means adding the ability to link mobiles to landlines and corporate telephony infrastructure and to be able to access many of the services that are available to those devices, such as conference calling, voicemail and dial-through. To some this may sound like Fixed Mobile Convergence or Universal Communications, in which the mobile phone is considered to be an extension of a corporate phone network with single number dialling and other integration features with ‘good enough’ security. Secure calling is, however, solving a different problem – high-security calling with ‘good enough’ integration. The use of IP as a bearer for calling makes for straightforward integration with existing phone networks, VoIP
September 2010
Feature solutions and even satellite communications. The network provides connectivity at the IP level and the details of implementation do not impact the secure calling process. A number of companies offer secure gateway products that enable mobile phones to connect to the existing Private Branch Exchange (PBX) within the enterprise and to make secure calls from mobile devices to the existing landline network. These calls can then be routed from the enterprise as required, in some cases to other landlines outside the business, following the security policies the organisation already has in place. This is particularly valuable in protecting travelling executives who use normal phones in their (trusted) home locations but want to have additional security when calling from certain countries.
“The policy should state how and when devices can be used and the measures needed to protect users. Such policies are optional today but increasingly are regarded as part of corporate good governance” Similarly, the ability to add calling over satellite from the same mobile phone allows communication from remote sites – for instance, at an oil rig or from ships or aircraft. It is this ability to be able to offer communication using a variety of means from the same device that makes secure calling technology truly useful to the mainstream user.
Securing the security Technology is a great benefit but it only addresses one problem that is part of a wider programme of secure voice usage. It is still surprising how many people are prepared to shout out all their credit card details, including security codes, on a crowded train. Similarly, leaving a phone lying around is an opportunity for a dedicated attacker to put a physical bug within a phone itself. Sometimes even taking the battery out is not enough – the battery may be a physical bug with its own built-in transmitter (yes, they do exist).
September 2010
Instead, it’s a balance of risk. The objective of any security system is to make the cost of breaking the protection higher than the expected return. Mobile phone encryption adds a simple way of raising the bar to would-be interceptors and securing corporate data. Ponemon recommends that all companies have a voice security policy. The policy should state how and when devices can be used and the measures needed to protect users. Such policies are optional today but are increasingly regarded as part of corporate good governance. With the availability of relatively low cost and simple means to protect calls, a company that chose to simply ‘take the risk’ in an obviously risky environment – in Asia, for instance – and was later compromised could reasonably expect questions from an insurer or shareholder as to whether it had acted negligently. Best practice or voice security policies for mobile phones should include these dictats: • Never assume that calls are secure unless you have deliberately implemented suitable security measures to protect your specific calls end-to-end. This includes VoIP calls. • Keep your phone safe, and do not leave it unattended, in the same way as your bankcard. Skilled attackers can take just a few moments to install a malicious programme, compromise the security of the SIM card or install a special battery with a bug in it, any of which can be used later to intercept or decrypt calls. • Use and protect your phone and voicemail PINs in the same way as your bankcard PIN. Never leave confidential messages in voicemails or sent as texts. Received texts on a phone in particular are rarely encrypted and mobile phone voicemails can be accessed from any phone with the PIN. • Be vigilant, to prevent malicious use of your phone. Be wary of downloads, SMS/MMS texts, emails, system messages or events on your phone that you did not ask for, initiate or expect (even from known contacts as malware can utilise address book information). Cancel, remove or destroy them without actioning them. Turn off Bluetooth, infrared and wifi if you
are not using them and turn off the phone or set it to flight mode if you don’t need it. Remove the battery as an extreme precaution. Install the latest patches for the operating system of your phone and use anti-malware software. Regularly check that the phone’s configuration and settings have not changed. Check for irregular battery usage and irregular activities on the phone bill. Simplify device settings and minimise use of add-on applications, plug-ins, and Internet access. • Check your signal and force the phone to use 3G where possible: calls on newer technologies like 3G or LTE are more secure than 2G but be aware that the phone is often configured to fall back to 2G when 3G is unavailable. Also, a 3G call can be eavesdropped if connected to a GSM base station and an encrypted 3G call can be recorded and decrypted later after intercepting a 2G call on the same handset, because of a known key vulnerability. • Use voice call encryption software on your phone – it works everywhere your phone does and it is as simple to use as making a normal phone call. Ensure it uses end-to-end encryption and that you trust the key management.
Basic measures If you are unable to implement some of the above steps (such as using encryption software) and urgently need to discuss confidential matters over a mobile phone, there are some basic safety measures you can take: • Buy or rent a phone with a pre-paid calling plan for temporary use. • Chose a location where you can’t be overheard. • Cover your mouth so you can’t be lip-read. • Talk quietly and be brief. • Use code words, or obfuscate information. Often the value of confidential information decreases rapidly with time so delayed information may be useless to an attacker. • Split information across different communication channels (eg, voice, emails and text messages etc, so that information is incomplete and meaningless on its own).
Network Security
9
Feature
Prioritising rollout Most companies elect to roll out voice security progressively in the organisation, starting with those most at risk. Highrisk individuals include: • The executive team. With the most confidential information and frequently travelling widely, the executive team is a natural candidate for phone interception. • People handling sensitive information – a surprisingly long list. Lawyers, workers in finance, marketing, product development, sales and even support are often prime candidates. Even the PA of senior managers has a routine need to discuss confidential topics, including travel plans. • People travelling to dangerous environments. Companies have a duty of care to their employees. It is documented that mobile phone interception has been used to target individuals for kidnap and robbery in countries where such behaviour is more common. Companies have to assess the risk to the individual and determine whether adding mobile phone encryption will address a potential risk to individual safety. • Key customers, suppliers and advisors. On major contracts it is often the personnel on the fringes of the business that are used as a point of attack. Lawyers, financiers and security consultants all fall into this category. Already a number of legal firms provide encrypted mobile phones to their customers for the duration of contract negotiations and this practice is likely to increase. The rollout process involves a range of departments including those responsible for phone purchase, IT and risk management and requires management in the same way as any other major IT technology implementation.
Rapidly growing problem The problem of interception is on the rise worldwide. Every week the press has stories of phone calls intercepted and the information used for purposes other than 10
Network Security
intended. Frequently these cases refer to politicians, such as the individuals jailed in France for intercepting Carla Bruni, the wife of President Sarkozy of France, or the activities of Silvio Berlusconi of Italy.17,18 Such cases usually refer to loss of privacy but rarely have a business impact. However, cases involving business usually go unreported.
“Interception does happen and private discussions with CIOs will usually lead to confessions that their organisation, or one they know, has suffered” This is partly because few companies wish to be seen to have insecure communications, but mainly because companies do not find out they have been intercepted until well after the event (if at all). The recent survey of CIOs reported that 80% of respondents believed they would not find out directly if they had been intercepted. But interception does happen and private discussions with CIOs will usually lead to confessions that their organisation, or one they know, has suffered, sometimes resulting in costs, in terms of lost business, of hundreds of millions of dollars. Such losses can no longer be thought of as a remote possibility. Nor can interception be thought of as something that is only in the domain of governments and sophisticated criminal organisations. The code needed to create a complete GSM listening station has been published freely on the Internet, using software that was developed to create an open source version of a GSM network. This software can be coupled with a device known as a Universal Software Radio Peripheral (USRP), which is able to mimic a wide range of radio devices using software. The device can be configured to be a wifi base station, Bluetooth device or a mobile phone base. These developments, along with information on how to crack GSM encryption have brought phone interception into the realm of graduate students on a summer project and groups are known to be actively working on such systems in Eastern European and Asian
countries, presumably for use worldwide. While the past is not always a reliable predictor, the trend is for mobile phone interception to become more widespread, the cost to go down and the number of instances reported to increase. In addition, there is no simple measure on the horizon that will fix the problem within the mobile networks themselves. We will all need to get used to the idea that conversations on mobile phones are not secure. Companies across the globe are becoming aware of this growing threat and taking action to counter it. A combination of awareness, policy and technology measures is the recommended way to ensure that business secrets stay that way.
Legislation, corporate governance and responsibility To see the likely direction for voice encryption legislation, it is useful to look at the closely related area of data encryption. After all, all mobile voice traffic is sent in digital form so the distinction between text and voice, where both are carried over a data network, is slender. Encryption of data to protect privacy is increasingly entering the regulatory framework. In the US, both California and Massachusetts have laws requiring the encryption of personal data on mobile devices.19
“Companies should consider mobile voice security as another corporate risk, requiring planning and action in just the same way as data security for laptops and internal networks” As the risks of mobile phone interception and the ability to protect against the threat become both more widespread and better understood, it seems reasonable that companies will come under increasing pressure to demonstrate appropriate measures to control the risks as part of a wider corporate risk management policy. The degree to which this is the case is yet to be tested in the courts, but the signs are that CIOs are increasingly considering
September 2010
Feature voice security within the overall IT protection policies of the organisation for vulnerable individuals.
Taking action One of the challenges of mobile phone security is the question of ownership within the organisation. Phones have an unclear home in most organisations, with IT departments that take complete ownership for laptops and internal networks often disconnected from mobile phone usage except where the devices need to connect to the company’s systems for email and data services. In some organisations, the ownership of phone interception risk comes from the top – the board or corporate audit/ risk committee who recognise the corporate risk associated with such information loss. However, today, this is not the norm. Instead, only a small proportion of companies have deployed any form of mobile phone protection and while 75% claim to have policies on voice security, this often extends only as far as advice to be careful where mobile phones are used. Clearly, such simple advice is no longer adequate and companies should consider mobile voice security as another corporate risk requiring planning and action, in just the same way as data security for laptops and internal networks.
About the author Simon Bransfield-Garth is CEO of Cellcrypt, which provides technology to secure mobile voice calls on smartphones. He has a wealth of international business and management experience from a career that spans more than 20 years with technology-based companies. Much of his experience is in the mobile communications industry and he was VP of global marketing at Symbian and, more recently, managing director for Europe and chief marketing officer at CarrierIQ, a provider of service intelligence solutions to mobile carriers. Bransfield-Garth has a PhD from Cambridge University and is also a chartered engineer, marketer and director.
September 2010
References 1. ‘Camillagate tapes deplored’. The Independent. 28 January 1993. 2. Paget, Chris; Hohl, Karsten. ‘GSM: SRSLY?’. Presentation at ShmooCon 2010, 6 Feb 6th, Washington DC, US. . 3. ‘Annual Report to Congress on Foreign Economic Collection and Industrial Espionage 2005’. Office of the National Counterintelligence Executive, August 2006. . 4. The Massachusetts law, 201 CMR 17.00 or Standards for The Protection of Personal Information of Residents of the Commonwealth. 5. Goodin, Dan. ‘50 arrested in smartphone spyware dragnet, cop, judge, and parliamentarian among the suspects’. The Register, 1 July 2010. . 7. Page, Jeremy. ‘Indian Government to answer claims it tapped ministers’ phones’. The Times, 26 April 2010. 8. ‘Descubre Ejército centro de espionaje en Cancún’. El Universal, 15 April 2010. . 9. Davies, Nick. ‘Inquiry over Vanessa Perroncel phone-tapping allegations’. The Guardian, 10 April 2010. 10. O’Brien, Kevin. ‘Cellphone Encryption Code Is Divulged’. New York Times, 28 December 2009.
11. Gardner, David. ‘Private eye to the stars’ Anthony Pellicano jailed for 15 years for phone tapping rich and famous’. Daily Mail, 16 December 2008.. 12. Leyden, John. ‘Greece rocked by mobile phone tapping scandal’. The Register, 6 February 2006. . 15. Fildes, Jonathan. ‘Secret mobile phone codes cracked’. BBC News, 29 December 2009. . 16. FIPS 140-2 Certification. National Institute of Standards and Technology. . 17. ‘Carla Bruni’s mobile phone tapped’. Daily Telegraph, 27 February 2009. . 18. Pisa, Nick. ‘Italy’s corruption police tape the Pope’s phone calls’. Daily Mail, 11 June 2010. . 19. California’s SB 1386 and AB 1950 Acts.
Network Security
11
Mobile phone calls as a business risk Simon Bransfield-Garth, Cellcrypt
Simon BransfieldGarth
Mobile phone technology is under attack, leaving users and businesses vulnerable. Much has been written on the data risk to businesses from mobile phones but it’s only recently that the risk of voice call interception has hit the headlines. Now businesses have to face up to the challenge of securing corporate information without unduly restricting the use of this essential business tool. Mobile phone use has grown rapidly since the first mobile call in 1973 to become the most universal technology in the world, with more than four billion people (well over half the global population) connected.
High-profile casualties Many people will remember the days of analogue mobile phones and stories of private investigators driving around with radio scanners, seeking out conversations. There was a number of high profile casualties who hit the headlines at the time, including – allegedly – members of the UK Royal Family.1 This problem largely disappeared in 1988 with the introduction of 2G, or GSM, mobile networks. The digital nature of the communications allowed encryption of the mobile air communications, making scanners useless. And so the problem disappeared from the radar for a while. In 1988, mobile phones typically used (by today’s standards) primitive processors and only a few kilobytes of memory. This had an impact on the design of mobile networks and was a factor in the choice of encryption used. The algorithms had to be consistent with the limited computational power available in the early devices. By 2010, the memory in a typical mobile phone has grown well over 10,000 times and the processing power has massively increased to the point where today’s smartphones would outpace high-end computers of just a few years ago. However, the encryption 4
Network Security
algorithms used in GSM networks were set down in formal standards, and so the ones used today are very similar to those specified in 1988. Although 3G networks often use a stronger cipher, known as A5/3, 2G networks (or 3G networks that switch automatically to 2G in poor coverage areas) routinely use the much weaker A5/1 algorithm that was originally specified. And in some countries, encryption is turned off altogether.
“Recent information coming from the hacker community and the ability of the Internet to distribute ways of attacking phones globally has massively reduced the barrier to intercepting mobile phone calls” The massive growth in everyday computing capability in the past 25 years means that networks are open to a degree of brute force attack that was never envisaged by the founding fathers. This, coupled with recent information coming from the hacker community and the ability of the Internet to distribute ways of attacking phones globally, has massively reduced the barrier to intercepting mobile phone calls. This change was demonstrated dramatically in February 2010 when, at a conference in Washington, a hacker published what he claimed to be a viable mobile phone hack using open source software and $1,400 of equipment.2 It is tempting to think that one solution is to simply upgrade the standard of encryption in mobile networks, and at
an individual device level this would be correct. But the sheer scale of the undertaking – with more than four billion users and billions of dollars of infrastructure worldwide – makes this, at best, a longterm project. And even then, it would only address the problem of interception in the airwaves and not in the mobile carrier itself or the connections between them. So, the problem of mobile phone interception is real, growing and unlikely to be eliminated in the foreseeable future.
The evidence For an organisation, knowing whether mobile phone calls have been intercepted at all is difficult. There is rarely a test that can be done, other than looking at the consequences of a lost deal or finding secret information in the public domain. However, there is an increasing number of publicised instances of interception activities being discovered worldwide. The problem shows a wide geographical variation, both in the number of instances and in the public perception of risk. In the US and mainland Europe, the perception of risk is relatively low. However, travel to Latin America or some parts of Asia and the perception of the issue has reached the consumer with advertisements on mainstream television for protection equipment. Nevertheless, few executives travelling around the world have taken special measures to secure their mobile phone conversations. The 2005 annual report to the US Congress on Foreign Economic Collection and Industrial Espionage stated that 108 countries were involved in collection efforts against sensitive and protected US technologies.3 In the US state of Massachusetts on 1 March
September 2010
Feature 2010, a law came into force mandating that any business conducting business with Massachusetts citizens must encrypt the citizens’ personal data whenever this is stored on portable devices or transmitted wirelessly.4
Widespread instances More widely, there are numerous instances of phone interception, both over the air and in the network. In 2010, Romanian law enforcement authorities arrested 50 people for allegedly using off-the-shelf software to monitor other people’s cellphone communications.5 A technician who worked in a Lebanese mobile phone operator was arrested for being an Israeli spy and having provided access to phone calls for 14 years.6 The Indian Parliament was disrupted by politicians protesting at alleged government-sponsored cellphone wiretapping.7 A Mexican spy centre was discovered, including a specially equipped mobile van unit, alleged to be used for intercepting politicians, businessmen and journalists.8 And the ex-mistress of the excaptain of the England football team sued for alleged mobile phone interception.9
“Eavesdropping went on for months during the Athens Olympics and was only discovered accidentally, during an unrelated investigation into the performance of the mobile network” In 2009, hackers released a codebook of pre-computed keys that enables decryption of GSM calls, and demonstrated a GSM interception kit built for less than $1,500.10 In 2008, Anthony Pellicano – dubbed the ‘PI to the stars’ – was jailed for 15 years for wiretapping activities that he performed on demand against a large number of celebrities and C-level executives.11 The FBI found recordings of conversations that stretched back almost ten years. Also in 2008, it was found that journalists at the British tabloid newspaper, News of the World, routinely hired private investigators to break into voice mailboxes of various celebrities, businessmen
September 2010
Figure 1: Mobile networks under attack from a variety of directions.
and dignitaries – a controversy that has recently resurfaced. Not all espionage is concerned with blackmail, corporate secrets or matters of national security – in this case it was simply about having exclusive news information. In 2004 to 2005, Greek government communications were the target of sophisticated tapping operations that compromised the mobile phone calls of the Prime Minister, the Minister of Defence, the Minister of Justice and the Head of the Greek Intelligence Service.12 Eavesdropping went on for months during the Athens Olympics and was only discovered accidentally, during an unrelated investigation into the performance of the mobile network. Calls were not intercepted over the air. Instead, the attackers wiretapped government officials using the lawful interception capabilities built into the network.
of significant data loss in Tier-1 US corporations was $1.3m per incident.14 Perhaps more surprisingly, 61% of companies believed that such losses occurred at least monthly. Mobile phones were cited alongside malware and viruses as key means of obtaining this sort of information. The business risk falls into broad categories: • Economic loss from the interception of critical business information such as business deals, commercial negotiation status and future plans. • Economic and reputational loss from the interception of critical trade secrets and intellectual property, such as algorithms, formulae and processes. • The threat to the welfare of individuals when travelling in dangerous environments (for instance, targeted kidnappings in Africa and Latin America).
Quantifying the business risk
“Common scenarios, such as conference calls attended by executives dialling in on their cellphone, may pose a serious threat to highly sensitive personal or corporate information”
In 2009, market research firm ABI published figures stating that in 79% of companies mobile phones were routinely used to discuss information that, if intercepted, would lead to material loss to the business, yet less than one in five had in place adequate measures to address this risk.13 In 2010, the US-based Ponemon Institute published an authoritative research paper regarding phone interception in which it found that the average cost
The cost to the business is not just the direct cost of the loss itself. More significant is the indirect cost in terms of reputation, potential litigation, privacy infringement and loss of confidence in the organisation. Company directors and
Network Security
5
Feature officers are particularly at risk if they inadvertently reveal information that has an impact on the company’s share price or valuation. “Cellular communications are ubiquitous in business and will only become more prevalent as worker mobility grows, yet the risk to information security is often overlooked,” says Larry Ponemon, chairman and founder, Ponemon Institute. “Common scenarios, such as conference calls attended by executives dialling in on their cellphone, may pose a serious threat to highly sensitive personal or corporate information if proper precautions are not taken to ensure business information integrity.” Even relatively innocuous-seeming business information may in fact be highly sensitive. For instance, the weekly global sales call with sales personnel calling in from all around the world is particularly vulnerable. It is clear that such meetings, which often occur at fixed intervals, such as the same time each week, provide a wealth of critical real-time business information to invaders, and would be a prime target for attackers.
Threat vectors To understand the problem in more detail, it is helpful to break down the attacks into their relevant categories: • Passive attack – listening in to the airwaves to intercept a call. Requires the ability to decrypt the mobile phone signal and is completely undetectable. Historically this required expensive equipment ($100,000+) and considerable expertise but is now possible for a fraction of this cost, thanks to information published on the Internet in 2010. • Active attack – a classic man-inthe-middle attack, seeking to overhear and pass on conversations. Has the ability to capture thousands of calls simultaneously and to turn off encryption, simplifying the data gathering. Is more detectable, although few networks today actively manage the threat. • In-network attack – favoured by government agencies, particularly in countries with less developed legal 6
Network Security
systems. The established mechanisms for legal interception of calls for law enforcement purposes can be re-used to provide commercial information. • In-device attack – a physical bug or software is loaded into the target phone. Requires physical access to the phone but is technically simple to execute. Passive attacks rely on the ability of the attacker to decrypt the captured information. Historically this has been difficult. However, in December 2009, the Chaos Computer Club published on the Internet a ‘code book’ that allows a particular type of approach known as a rainbow table attack.15 In this attack, the pre-computed code book reduces the search space needed to determine the encryption key used, trading off memory for computational requirement. The initial code books were over 3TB in size but have subsequently reduced to less than 1TB, which can routinely fit on to a consumer hard disk drive. A modest computer can, apparently, decrypt a mobile phone call in minutes (the time taken to decrypt the call varies depending on the depth of search that is needed to find the key). Active attacks rely on limitations of the early GSM networks. In 2G networks, the designers were concerned to ensure that a rogue phone could not attach to the network and so run up invalid call costs. However, the authentication the other way is much weaker. In essence, if a mobile base station has the same mobile network identifier code as the phone (a list of which is available in the public domain), the phone will connect to the base station with the strongest signal. An attacker can use open source mobile network software to create a fake base station, waits for the target cellphone to connect to it and then routes the call traffic back into the network, generally recording the calls at the same time. Such attacks only operate within the geographical vicinity of the base station but this can sometimes be an advantage for the attacker – for instance, if the attack was mounted from the parking area of a major corporation, one would expect the majority of intercepted calls to come from that corporation.
This is an example of an ‘aggregation risk’ where valuable information is concentrated into one place to make the value of an attack higher and therefore worth a greater level of effort by the attacker.
Hands-on attacks While the above are attacks performed at a distance, if the attacker has access to the phone itself then there is a variety of measures that can be taken, in much the same way as if a laptop were to be compromised. The protection measures are similar as well – the use of anti virus software; remote device management that restricts the applications that can be loaded onto the device; and the use of passwords to make it difficult for the intruder to get into the phone. Of course, none of this prevents the use of a hardware bug placed into the phone but that falls into the wider category of physical bugs that are not specific to mobile phones. It’s clear from the list above that all parts of the communication path are potentially vulnerable. The problem is more pronounced when operating in countries where the legal environment around information and telecoms is less well managed than in major democracies. For the business executive the options are stark: • Take the risk • Don’t use mobile phones in areas of risk • Deploy technology solutions to improve security when it is needed. Traditional answers to the problem have involved the first two items above. It is well documented that mobile phones are used for sensitive conversations and some companies have explicit company policies banning the use of mobiles, particularly outside of the home nation. However, while taking care goes some way to addressing the problem, companies are now looking to technology to address the issue.
Encrypting mobile phone calls Mobile phones have evolved from small, embedded devices to full-blown
September 2010
Feature
Figure 2: An end-to-end mobile voice encryption solution.
computers with a communications capability. This increase in power enables phones running applications to undertake tasks that were unthinkable just five years ago. Now, the security industry is using the mobile phone itself to add a highstrength encryption layer to voice communications to secure conversations from microphone to earpiece, irrespective of the network that conversation travels over. A typical modern mobile phone encryption solution is shown in Figure 2. It utilises IP technology to transmit voice data over the Internet and comprises client software applications on the two phones that communicate securely, along with a central server that helps the phones connect securely to each other as well as providing high-performance connectivity. The server does not decrypt the actual calls – this is performed only by client software on each phone, with the server streaming the encrypted calls over the network. In discussing a phone conversation between phones A and B (users ‘Alice’ and ‘Bob’) the four critical elements of a security system are: • Confidentiality – the communication must be confidential. No untrusted third party can listen to the communication between Alice and Bob. • Authentication – both parties need to be able to strongly authenticate each other. Alice must be sure she is speaking with Bob. • Integrity – what Alice is communicating must be what Bob is listening to. No third party must be able to alter the communication, without the
September 2010
change being detected by Bob. • Forward secrecy – past communications cannot be decrypted even if the private keys (or session keys) from one handset are leaked. These objectives are achieved using a series of closely choreographed communications between Alice and Bob’s phones and a range of industry-standard cryptographic algorithms. It is a characteristic of modern cryptography that algorithms themselves are not secret but the secrecy comes from the mathematical complexity of the encryption and the use of keys. In fact, most of the best algorithms are freely available in the public domain and so have had the greatest levels of cryptographic scrutiny. Even so, it is not unknown for algorithms used for many years to be discovered to have flaws, as occurred in early 2010 when Adi Shamir, one of the luminaries of cryptography, demonstrated flaws in the encryption used in 3G mobile networks that were inadvertently added when the algorithms were optimised for mobile use.
“Current day smartphones have plenty of computational power to be able to deliver encryption in real time” The cryptographic process flow follows two stages. The first phase is authentication, which uses an asymmetric cipher to guarantee that Alice and Bob are communicating with each other and nobody else. This typically uses Public Key Infrastructure (PKI) algorithms such as
2048-bit RSA, DSA and Elliptic Curve Diffie Hellman to achieve this. Such algorithms are effective but computationally expensive so the next stage is for each terminal to negotiate a unique, randomly generated, one-time key that will be used for a much more efficient symmetric encryption algorithm (one that can be decrypted using the same key as that for encryption). The de facto industry standard is the very strong 256-bit AES algorithm that is routinely found in products suitable for the most sensitive government and military applications. Current day smartphones have plenty of computational power to be able to deliver such encryption in real time. Symmetric keys are always discarded following the call to ensure that even if the call were to be recorded, and somehow the master keys extracted from the phone, it would not be possible to recreate the symmetric keys and so decrypt the calls. This is what is known as forward secrecy.
The additional challenges of mobile Mobile phones were originally designed to carry relatively low bandwidth voice traffic. Early mobile networks added Circuit Switched Data (CSD) to allow faxes and other data to be sent over phone lines and some companies used this technology to offer encrypted voice solutions (in fact, many military offerings still use this). However, CSD suffers from low bandwidth, long latencies and poor reliability with international communications, forcing most providers to look for alternative ways to deliver encrypted voice. With the addition of Internet Protocol (IP) data connectivity to 2G mobile networks at the turn of the century, the stage was set to allow companies to provide encrypted voice as Voice over IP (VoIP) on top of mobile phone networks. This has the advantage of high quality, low latency and universal provision worldwide. The reality is more complex. While mobile networks offer IP data, they do not generally offer Quality of Service
Network Security
7
Feature (QoS) and suffer both delays and limited bandwidth. In addition, the networks routinely close the data connection on a repeated basis, requiring the mobile phone to continuously ‘ping’ the network, using valuable battery power. Industry algorithms such as Session Initiation Protocol (SIP), Real-time Transport Protocol (RTP) and Secure RTP (SRTP), which are common in computer networks, are not suitable for mobile devices except in the rare cases where a high bandwidth network is available. While network speeds are ever increasing with 3G, 3.5G and now 4G technologies, it is worth noting that the rollout of these new technologies is often slow, and in 2012 it is predicted that 85% of the world’s population will still only have access to low-speed 2G networks. So the idea that mobile network speeds will increase to make the data use a non-issue is false. A number of vendors have addressed this with the emergence of optimised communication protocols that strip out the unnecessary elements of the communication path in order to make a solution that works reliably on mobile phones. This is essential, not only for working in countries with less developed infrastructure but also in well-developed economies away from major cities or in areas where the 3G signal is blocked – for instance, indoors.
BlackBerry, iPhone, Symbian and Android The rise of mass-market smartphones, with their computing power and the ability to run after-market applications, has made voice security more accessible to far more people in the enterprise and government. No longer do executives need to carry separate phones to make secure calls. Now the capability can easily be added to their existing corporate mobile phones. The selection of phone is largely a personal or business choice. Some manufacturers are particularly renowned for their security, such as BlackBerry, whereas other devices are variations on conventional consumer products. Today, many of these consumer-oriented products lack important security features such as 8
Network Security
Figure 3: Voice encryption to landlines, mobiles and other communication devices.
remote management, but the manufacturers are progressively adding these. Whichever one is selected, the principle is the same. The device encrypts the call, sends the encrypted data over the public network (we don’t care who listens in – the data is encrypted after all) and is decrypted at the receiving phone. There are no back doors, no points in the chain where the voice is in the clear and can be intercepted along the transmission path. This is essential and allows such devices to be used on completely untrusted networks, such as public wifi hotspots, in the knowledge that even if the encrypted stream is intercepted, it will not provide any useful information to the attacker. All of this relies on the quality of the encryption solution and the trustworthiness of the vendor. For instance, does the vendor have access to the keys (and so can listen into calls)? One way of gaining confidence in products is to look at their certifications. One of the most prevalent is the FIPS 140-2 certification from the US National Institute of Standards and Technology (NIST). Companies whose products have been validated to this standard are listed publicly on the NIST website.16 Similarly, a number of nation states operate certification programmes specifically aimed at the country in question, and the Common Criteria programme aims to offer a standard that is
portable across different countries. So that’s it? Just deploy this across the organisation and all will be well? Well, not quite. As with many solutions, there is more to it than that.
Mobile to ‘everywhere’ calling While mobile-to-mobile calling is the natural focus of interception solutions, the market requirement is, more generally, the ability to extend an existing ‘good enough’ telecom infrastructure to mobile phones. This means adding the ability to link mobiles to landlines and corporate telephony infrastructure and to be able to access many of the services that are available to those devices, such as conference calling, voicemail and dial-through. To some this may sound like Fixed Mobile Convergence or Universal Communications, in which the mobile phone is considered to be an extension of a corporate phone network with single number dialling and other integration features with ‘good enough’ security. Secure calling is, however, solving a different problem – high-security calling with ‘good enough’ integration. The use of IP as a bearer for calling makes for straightforward integration with existing phone networks, VoIP
September 2010
Feature solutions and even satellite communications. The network provides connectivity at the IP level and the details of implementation do not impact the secure calling process. A number of companies offer secure gateway products that enable mobile phones to connect to the existing Private Branch Exchange (PBX) within the enterprise and to make secure calls from mobile devices to the existing landline network. These calls can then be routed from the enterprise as required, in some cases to other landlines outside the business, following the security policies the organisation already has in place. This is particularly valuable in protecting travelling executives who use normal phones in their (trusted) home locations but want to have additional security when calling from certain countries.
“The policy should state how and when devices can be used and the measures needed to protect users. Such policies are optional today but increasingly are regarded as part of corporate good governance” Similarly, the ability to add calling over satellite from the same mobile phone allows communication from remote sites – for instance, at an oil rig or from ships or aircraft. It is this ability to be able to offer communication using a variety of means from the same device that makes secure calling technology truly useful to the mainstream user.
Securing the security Technology is a great benefit but it only addresses one problem that is part of a wider programme of secure voice usage. It is still surprising how many people are prepared to shout out all their credit card details, including security codes, on a crowded train. Similarly, leaving a phone lying around is an opportunity for a dedicated attacker to put a physical bug within a phone itself. Sometimes even taking the battery out is not enough – the battery may be a physical bug with its own built-in transmitter (yes, they do exist).
September 2010
Instead, it’s a balance of risk. The objective of any security system is to make the cost of breaking the protection higher than the expected return. Mobile phone encryption adds a simple way of raising the bar to would-be interceptors and securing corporate data. Ponemon recommends that all companies have a voice security policy. The policy should state how and when devices can be used and the measures needed to protect users. Such policies are optional today but are increasingly regarded as part of corporate good governance. With the availability of relatively low cost and simple means to protect calls, a company that chose to simply ‘take the risk’ in an obviously risky environment – in Asia, for instance – and was later compromised could reasonably expect questions from an insurer or shareholder as to whether it had acted negligently. Best practice or voice security policies for mobile phones should include these dictats: • Never assume that calls are secure unless you have deliberately implemented suitable security measures to protect your specific calls end-to-end. This includes VoIP calls. • Keep your phone safe, and do not leave it unattended, in the same way as your bankcard. Skilled attackers can take just a few moments to install a malicious programme, compromise the security of the SIM card or install a special battery with a bug in it, any of which can be used later to intercept or decrypt calls. • Use and protect your phone and voicemail PINs in the same way as your bankcard PIN. Never leave confidential messages in voicemails or sent as texts. Received texts on a phone in particular are rarely encrypted and mobile phone voicemails can be accessed from any phone with the PIN. • Be vigilant, to prevent malicious use of your phone. Be wary of downloads, SMS/MMS texts, emails, system messages or events on your phone that you did not ask for, initiate or expect (even from known contacts as malware can utilise address book information). Cancel, remove or destroy them without actioning them. Turn off Bluetooth, infrared and wifi if you
are not using them and turn off the phone or set it to flight mode if you don’t need it. Remove the battery as an extreme precaution. Install the latest patches for the operating system of your phone and use anti-malware software. Regularly check that the phone’s configuration and settings have not changed. Check for irregular battery usage and irregular activities on the phone bill. Simplify device settings and minimise use of add-on applications, plug-ins, and Internet access. • Check your signal and force the phone to use 3G where possible: calls on newer technologies like 3G or LTE are more secure than 2G but be aware that the phone is often configured to fall back to 2G when 3G is unavailable. Also, a 3G call can be eavesdropped if connected to a GSM base station and an encrypted 3G call can be recorded and decrypted later after intercepting a 2G call on the same handset, because of a known key vulnerability. • Use voice call encryption software on your phone – it works everywhere your phone does and it is as simple to use as making a normal phone call. Ensure it uses end-to-end encryption and that you trust the key management.
Basic measures If you are unable to implement some of the above steps (such as using encryption software) and urgently need to discuss confidential matters over a mobile phone, there are some basic safety measures you can take: • Buy or rent a phone with a pre-paid calling plan for temporary use. • Chose a location where you can’t be overheard. • Cover your mouth so you can’t be lip-read. • Talk quietly and be brief. • Use code words, or obfuscate information. Often the value of confidential information decreases rapidly with time so delayed information may be useless to an attacker. • Split information across different communication channels (eg, voice, emails and text messages etc, so that information is incomplete and meaningless on its own).
Network Security
9
Feature
Prioritising rollout Most companies elect to roll out voice security progressively in the organisation, starting with those most at risk. Highrisk individuals include: • The executive team. With the most confidential information and frequently travelling widely, the executive team is a natural candidate for phone interception. • People handling sensitive information – a surprisingly long list. Lawyers, workers in finance, marketing, product development, sales and even support are often prime candidates. Even the PA of senior managers has a routine need to discuss confidential topics, including travel plans. • People travelling to dangerous environments. Companies have a duty of care to their employees. It is documented that mobile phone interception has been used to target individuals for kidnap and robbery in countries where such behaviour is more common. Companies have to assess the risk to the individual and determine whether adding mobile phone encryption will address a potential risk to individual safety. • Key customers, suppliers and advisors. On major contracts it is often the personnel on the fringes of the business that are used as a point of attack. Lawyers, financiers and security consultants all fall into this category. Already a number of legal firms provide encrypted mobile phones to their customers for the duration of contract negotiations and this practice is likely to increase. The rollout process involves a range of departments including those responsible for phone purchase, IT and risk management and requires management in the same way as any other major IT technology implementation.
Rapidly growing problem The problem of interception is on the rise worldwide. Every week the press has stories of phone calls intercepted and the information used for purposes other than 10
Network Security
intended. Frequently these cases refer to politicians, such as the individuals jailed in France for intercepting Carla Bruni, the wife of President Sarkozy of France, or the activities of Silvio Berlusconi of Italy.17,18 Such cases usually refer to loss of privacy but rarely have a business impact. However, cases involving business usually go unreported.
“Interception does happen and private discussions with CIOs will usually lead to confessions that their organisation, or one they know, has suffered” This is partly because few companies wish to be seen to have insecure communications, but mainly because companies do not find out they have been intercepted until well after the event (if at all). The recent survey of CIOs reported that 80% of respondents believed they would not find out directly if they had been intercepted. But interception does happen and private discussions with CIOs will usually lead to confessions that their organisation, or one they know, has suffered, sometimes resulting in costs, in terms of lost business, of hundreds of millions of dollars. Such losses can no longer be thought of as a remote possibility. Nor can interception be thought of as something that is only in the domain of governments and sophisticated criminal organisations. The code needed to create a complete GSM listening station has been published freely on the Internet, using software that was developed to create an open source version of a GSM network. This software can be coupled with a device known as a Universal Software Radio Peripheral (USRP), which is able to mimic a wide range of radio devices using software. The device can be configured to be a wifi base station, Bluetooth device or a mobile phone base. These developments, along with information on how to crack GSM encryption have brought phone interception into the realm of graduate students on a summer project and groups are known to be actively working on such systems in Eastern European and Asian
countries, presumably for use worldwide. While the past is not always a reliable predictor, the trend is for mobile phone interception to become more widespread, the cost to go down and the number of instances reported to increase. In addition, there is no simple measure on the horizon that will fix the problem within the mobile networks themselves. We will all need to get used to the idea that conversations on mobile phones are not secure. Companies across the globe are becoming aware of this growing threat and taking action to counter it. A combination of awareness, policy and technology measures is the recommended way to ensure that business secrets stay that way.
Legislation, corporate governance and responsibility To see the likely direction for voice encryption legislation, it is useful to look at the closely related area of data encryption. After all, all mobile voice traffic is sent in digital form so the distinction between text and voice, where both are carried over a data network, is slender. Encryption of data to protect privacy is increasingly entering the regulatory framework. In the US, both California and Massachusetts have laws requiring the encryption of personal data on mobile devices.19
“Companies should consider mobile voice security as another corporate risk, requiring planning and action in just the same way as data security for laptops and internal networks” As the risks of mobile phone interception and the ability to protect against the threat become both more widespread and better understood, it seems reasonable that companies will come under increasing pressure to demonstrate appropriate measures to control the risks as part of a wider corporate risk management policy. The degree to which this is the case is yet to be tested in the courts, but the signs are that CIOs are increasingly considering
September 2010
Feature voice security within the overall IT protection policies of the organisation for vulnerable individuals.
Taking action One of the challenges of mobile phone security is the question of ownership within the organisation. Phones have an unclear home in most organisations, with IT departments that take complete ownership for laptops and internal networks often disconnected from mobile phone usage except where the devices need to connect to the company’s systems for email and data services. In some organisations, the ownership of phone interception risk comes from the top – the board or corporate audit/ risk committee who recognise the corporate risk associated with such information loss. However, today, this is not the norm. Instead, only a small proportion of companies have deployed any form of mobile phone protection and while 75% claim to have policies on voice security, this often extends only as far as advice to be careful where mobile phones are used. Clearly, such simple advice is no longer adequate and companies should consider mobile voice security as another corporate risk requiring planning and action, in just the same way as data security for laptops and internal networks.
About the author Simon Bransfield-Garth is CEO of Cellcrypt, which provides technology to secure mobile voice calls on smartphones. He has a wealth of international business and management experience from a career that spans more than 20 years with technology-based companies. Much of his experience is in the mobile communications industry and he was VP of global marketing at Symbian and, more recently, managing director for Europe and chief marketing officer at CarrierIQ, a provider of service intelligence solutions to mobile carriers. Bransfield-Garth has a PhD from Cambridge University and is also a chartered engineer, marketer and director.
September 2010
References 1. ‘Camillagate tapes deplored’. The Independent. 28 January 1993.
11. Gardner, David. ‘Private eye to the stars’ Anthony Pellicano jailed for 15 years for phone tapping rich and famous’. Daily Mail, 16 December 2008.
Network Security
11